Categories
Education Reading

Latest Read: You’ll See This Message When It Is Too Late

You’ll See This Message When It Is Too Late: The Legal and Economic Aftermath of Cybersecurity Breaches by Josephine Wolff.

Josephine holds an AB in Mathematics from Princeton University, and an MS in Technology & Policy and a PhD in Engineering Systems, both from MIT. Today she is Associate Professor of Cybersecurity Policy; Associate Professor, Computer Science, Engineering; and Director, Hitachi Center for Technology and International Affairs at Tufts University. She is also a visiting professor of Law at Yale Law School.

Josephine outlines a series of highly publicized cybersecurity incidents between 2005 and 2015. She is able to map the entire attack cycle of each breach, which leads to insights for identifying opportunities for more robust defensive intervention. There are three main motives: financial gain, espionage, and public humiliation of the victim. These are a consistent theme over the ten-year timeframe.

During this decade, cyber attacks made the news regularly. The book discusses the legal ramifications organizations face after a breach, with a focus on litigation, regulatory fines, and compliance issues. Josephine also analyzes the financial ramifications, including direct costs for remediation and legal fees and indirect costs like lost customer trust and brand damage. She documents real-world examples of significant data breaches, the various organizational responses, and the lessons learned.

Categories
Cyberinfrastructure Education Network Reading

Latest Read: Zero Trust Networks

Zero Trust Networks: Building Secure Systems in Untrusted Networks by Razi Rais.

Razi holds a BS in Computer Science from Karachi University and a Master’s in Computer Science from Shaheed Zulfikar Ali Bhutto Institute of Science and Technology. Today Razi is a Microsoft Senior Product Manager for Microsoft Security + AI.

Zero Trust is yet another misleading security phrase that confuses almost everyone, including IT teams. Yet it is a very critical network security strategy, and today it is needed more than ever before. This strategy assumes no person or device is trustworthy by default. It requires all users to authenticate, along with their devices, before accessing networks, applications and data.

The core concept is simple: assume breach. As odd as this will sound at first, continuous monitoring and logging of user and device activity will detect threats. Network traffic is inspected, and each request is verified against the organization’s access policy. This greatly reduces the risk of insider threats and strengthens data protection, in addition to reducing the unknowing misuse of employees’ personal home computers that lack the security standards set by their organization. Even in 2024, employees’ home computers still lack anti-virus, malware, or identity theft protection.

Categories
Education Ransomware Reading Technology

Latest Read: Fighting Phishing

Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing by Roger A. Grimes.

Roger holds a BA in Accounting and Economics from Old Dominion University. A former Principal Security Architect at Microsoft, Roger was a computer security columnist at InfoWorld. Today Roger is a Data-Driven Defense Evangelist at KnowBe4.

This book is mandatory reading not only for every IT organization’s team; individuals, too, must learn to keep their personal accounts and valuable data safe from sophisticated social engineering and phishing attacks.

This book is well regarded within the cybersecurity community. It is a practical guide to understanding and defending against phishing attacks. Roger outlines how an in-depth approach is required, now more than ever, to deploy a robust defense against social engineering and phishing threats.

Anyone can come to understand how critical it is to have defenses in place today. Just search for ‘phishing attack’ to see how organizations still fall victim to these attacks, which continue to be the entry point into organizational networks and systems.

Categories
Education Reading

Latest Read: Profit over Privacy

Profit over Privacy: How Surveillance Advertising Conquered the Internet by Matthew Crain.

Matthew holds a PhD from the University of Illinois, Urbana-Champaign. He is an assistant professor of media and communication at Miami University of Ohio and previously taught at Queens College, City University of New York.

The contemporary internet’s de facto business model is one of surveillance; surveillance has been the new black. While browser cookies follow us around the web, web beacons can track and harvest every Google search and every webpage visited. In fact, on a growing number of global websites, beacons know where you click. Yes indeed, they know everything about you and are monetizing all of your online activities every day.

In Profit over Privacy, Matthew delivers a solid history of the beginnings of the billion-dollar surveillance advertising business.

In fact, Facebook posted revenues over $319 billion in 2021 alone. Surprised to learn this is below their 2020 revenue? We are losing our privacy via Facebook, Google, and Amazon. They certainly resell our online activity to data brokers.

Matthew traces this surveillance advertising back to the Clinton administration. This includes the launch of the country’s National Information Infrastructure and how the long-established Information Infrastructure Task Force (IITF) designed a safe approach which did acknowledge the coming online profiling of citizens. The FTC also looked to consumer empowerment. But in America, politics ran amok.

Categories
Artificial Intelligence Cyberinfrastructure Education Reading

Latest Read: Cybersecurity: The Insights You Need

Cybersecurity: The Insights You Need from Harvard Business Review.

So let’s start with the end in mind to avoid all misunderstandings: this book is targeted at every leader and board member, regardless of market or industry. They simply must fully comprehend why cybersecurity has been and always will be an ongoing risk.

This is a well-written, high-level and, most importantly, non-technical overview of cybersecurity. This risk can no longer be overlooked by organizations and delegated like it was 1994. Today, more than ever before, cybersecurity impacts your bottom line, and that includes non-technology-based organizations.

And in 2024 we can simply cut to the chase. If your organization’s cybersecurity service is not AI-based, it is time to pivot to a vendor that deploys machine learning services to protect your organization, your data and, most importantly, your customer data. Just query your insurance carrier for a list of approved vendors that deploy AI cybersecurity services. For the most part, the pandemic made this pivot mandatory.

In fact, cyber risk management can no longer be isolated to your organization’s CIO and CISO. This is simply an organization-wide issue. Today every organization’s technology services group has become the key component for organizational success.